Privacy Policy

1. Introduction

Welcome to Loto ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("App"). Please read this Privacy Policy carefully to understand our practices regarding your personal data and how we will treat it.

By downloading, installing, accessing, or using the App, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein. If you do not agree with our policies and practices, do not download, install, access, or use the App.

This Privacy Policy applies to all users of the App, regardless of where they are located. We are committed to complying with applicable data protection laws, including but not limited to the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR) where applicable, the Children's Online Privacy Protection Act (COPPA), and other relevant privacy laws in the United States.

2. Information We Collect

2.1 Information You Provide Directly

When you use the App, you may provide us with certain information directly:

• Photos and Images: You may upload or capture photos of nail polish, hair color, and lipstick. These photos are stored locally on your device and are not transmitted to our servers unless you explicitly choose to share them or use features that require cloud processing.
• Color Data: Information about colors you save, including RGB values, CMYK values, brand color matches, labels, tags, and categories (nail polish, hair color, lipstick).
• Matching Records: Color combination records, harmony types, scores, and recommendations that you save in the App.
• Preferences and Settings: Your app preferences, settings, and customization choices.

2.2 Information Collected Automatically

When you use the App, we may automatically collect certain information:

• Device Information: Device type, operating system version, device identifiers (such as IDFA on iOS), device language, screen resolution, and other technical information necessary for the App to function properly.
• Usage Data: Information about how you interact with the App, including features used, time spent on different screens, frequency of use, and interaction patterns. This information helps us improve the App's functionality and user experience.
• Crash Reports and Logs: Technical information about errors, crashes, and performance issues that may occur while using the App. This may include device information, app version, and error details.
• Network Information: Information about your network connection, including IP address, network type (Wi-Fi, cellular), and connection quality when you use features that require internet connectivity.

2.3 Information from Device Permissions

The App may request certain permissions on your device:

• Camera Permission: Required for taking photos of colors. We only access your camera when you actively use the camera feature within the App.
• Photo Library Access: Required for selecting existing photos from your device. We only access photos you explicitly select within the App.
• App Tracking Transparency (ATT): On iOS devices, we may request permission to track your activity across apps and websites for advertising and analytics purposes, in compliance with Apple's App Tracking Transparency framework. You can choose to allow or deny this permission.

You can revoke these permissions at any time through your device settings. Revoking permissions may limit or disable certain features of the App.

3. How We Use Your Information

We use the information we collect for various purposes, including:

1. To Provide and Maintain the App: To deliver the App's core functionality, including color extraction, color matching, skin tone analysis, and educational content.
2. To Improve the App: To analyze usage patterns, identify bugs and performance issues, and develop new features and improvements based on user feedback and behavior.
3. To Personalize Your Experience: To customize the App's interface, recommendations, and content based on your preferences and usage history.
4. To Communicate with You: To respond to your inquiries, provide customer support, send important notices about the App (such as updates or changes to our policies), and send you marketing communications if you have opted in to receive them.
5. To Ensure Security: To detect, prevent, and address technical issues, fraud, security threats, and other harmful activities.
6. To Comply with Legal Obligations: To comply with applicable laws, regulations, legal processes, and governmental requests.
7. For Analytics and Research: To conduct research and analysis to better understand how users interact with the App and to improve our services. This may include aggregated and anonymized data that cannot be used to identify you.

4. Data Storage and Security

4.1 Local Storage

Loto is designed as a local-first application. Most of your data, including photos, color records, tags, labels, and matching history, is stored directly on your device's local storage. This data remains on your device and is not automatically synchronized with our servers or other devices.

We use industry-standard encryption and security measures to protect data stored on your device. However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

4.2 Cloud Storage and Synchronization

Currently, the App does not provide cloud storage or synchronization services. All data remains on your device. If we introduce cloud storage or synchronization features in the future, we will update this Privacy Policy and obtain your explicit consent before transferring your data to cloud servers.

4.3 Data Retention

We retain your information for as long as necessary to provide you with the App's services and fulfill the purposes described in this Privacy Policy. Since most data is stored locally on your device, you have full control over data retention. You can delete any data at any time through the App's interface, or by uninstalling the App, which will remove all App-related data from your device.

We may retain certain anonymized, aggregated data for analytical purposes even after you delete your personal data or uninstall the App. This data cannot be used to identify you personally.

4.4 Data Security Measures

We implement appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest where applicable
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Secure coding practices and vulnerability management
• Employee training on data protection and privacy

5. Information Sharing and Disclosure

We respect your privacy and do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

5.1 Service Providers

We may share your information with third-party service providers who perform services on our behalf, such as:

• Analytics providers to help us understand how the App is used
• Cloud storage providers if we implement cloud features in the future
• Customer support service providers
• Payment processors if we add in-app purchases

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). We may also disclose your information to:

• Comply with legal obligations, processes, or requests
• Enforce our Terms of Service and other agreements
• Protect our rights, privacy, safety, or property, and that of our users or others
• Respond to claims that any content violates the rights of third parties
• Detect, prevent, or otherwise address fraud, security, or technical issues

5.3 Business Transfers

If we are involved in a merger, acquisition, asset sale, or other business transaction, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

5.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing. For example, if you choose to share your color combinations on social media or with other users through a future sharing feature.

6. Children's Privacy

The App is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child under 13 has provided us with personal information, please contact us immediately at the contact information provided below, and we will take steps to delete such information from our systems.

If we learn that we have collected personal information from a child under 13 without verification of parental consent, we will delete that information as quickly as possible. If you believe we might have any information from or about a child under 13, please contact us.

In some jurisdictions, the age of majority may be higher than 13. In such cases, we will comply with the applicable age requirements in those jurisdictions.

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information. We are committed to honoring these rights:

7.1 Access and Portability

You have the right to access the personal information we hold about you. Since most data is stored locally on your device, you can access it directly through the App. You can also request a copy of your data in a portable format by contacting us.

7.2 Correction and Deletion

You have the right to correct inaccurate or incomplete information. You can update your information directly through the App or by contacting us. You also have the right to request deletion of your personal information. You can delete data through the App's interface or by uninstalling the App.

7.3 Opt-Out Rights

You have the right to opt out of certain data processing activities:

• You can opt out of personalized advertising by adjusting your device's advertising settings or by denying the App Tracking Transparency permission on iOS.
• You can opt out of marketing communications by following the unsubscribe instructions in our emails or by contacting us.
• You can disable analytics tracking through your device settings, though this may limit our ability to improve the App.

7.4 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You have the right to request information about the categories and specific pieces of personal information we collect, use, disclose, and sell.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out: You have the right to opt out of the sale of your personal information. As stated above, we do not sell your personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise your California privacy rights, please contact us using the information provided in the "Contact Us" section below.

7.5 European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right of Access: You have the right to obtain confirmation as to whether or not your personal data is being processed and to access your personal data.
• Right to Rectification: You have the right to have inaccurate personal data corrected and incomplete personal data completed.
• Right to Erasure: You have the right to request deletion of your personal data under certain circumstances.
• Right to Restrict Processing: You have the right to restrict the processing of your personal data under certain circumstances.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: You have the right to object to the processing of your personal data under certain circumstances.
• Right to Withdraw Consent: If processing is based on consent, you have the right to withdraw consent at any time.

To exercise your GDPR rights, please contact us using the information provided in the "Contact Us" section below.

8. Third-Party Services and Links

The App may contain links to third-party websites, services, or resources that are not owned or controlled by us. We are not responsible for the privacy practices or content of these third-party services. We encourage you to review the privacy policies of any third-party services you access through the App.

The App may integrate with third-party services for analytics, advertising, or other purposes. These third-party services may collect information about you according to their own privacy policies. We encourage you to review their privacy policies to understand how they collect, use, and share your information.

Some examples of third-party services that may be used in the App include:

• Analytics services (such as Google Analytics, if implemented)
• Advertising networks (if advertising features are added)
• Cloud storage providers (if cloud features are implemented)
• Social media platforms (if sharing features are added)

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using the App, you consent to the transfer of your information to these countries.

If you are located in the EEA, we will ensure that appropriate safeguards are in place to protect your personal data in accordance with applicable data protection laws, such as standard contractual clauses approved by the European Commission.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated Privacy Policy in the App
• Updating the "Last Updated" date at the top of this Privacy Policy
• Sending you a notification through the App or via email if we have your email address

Your continued use of the App after any changes to this Privacy Policy constitutes your acceptance of the updated policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

If we make material changes that significantly affect your rights or the way we use your information, we will provide more prominent notice and may require your consent before implementing such changes.

11. Data Breach Notification

In the event of a data breach that compromises your personal information, we will notify you and relevant authorities as required by applicable law. We will provide notice without undue delay and, where feasible, within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to your rights and freedoms.

Our notification will include:

• A description of the nature of the breach
• The categories and approximate number of individuals affected
• The likely consequences of the breach
• The measures we are taking or propose to take to address the breach
• Recommendations for you to mitigate potential adverse effects

12. Do Not Track Signals

Some browsers and devices support "Do Not Track" (DNT) signals that indicate your preference not to be tracked across websites and online services. Currently, there is no industry standard for responding to DNT signals. We do not currently respond to DNT signals, but we respect your privacy choices through the settings available in the App and your device.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

We will make every effort to respond to your inquiries within a reasonable timeframe, typically within 30 days. For requests related to your privacy rights, we will respond within the timeframes required by applicable law.

If you are located in the EEA and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.